Authorization Bypass Vulnerability in Cache Purger Plugin for WordPress
CVE-2026-15350
4.3MEDIUM
What is CVE-2026-15350?
The Cache Purger plugin for WordPress contains a vulnerability that allows authenticated users, including those with subscriber-level access, to bypass authorization checks. This flaw enables these attackers to truncate the cache-purge audit log (wp-content/purge.log), effectively erasing the entire log history. The tcp_log_purge nonce is displayed in the admin bar, which is accessible to all authenticated users, allowing unauthorized deletion of sensitive log data.
Affected Version(s)
The Cache Purger 0 <= 2.3.20